WHAT IS CLAIMED IS: 

1. A method comprising the acts of: 

providing an endorsement key pair to a security module associated with a customer 
computing device, the endorsement key pair including a public key and a private key; 

storing data representative of the public key in a storage external to the customer device; 

at a subsequent time, receiving at a comparison agent operatively connected to the storage, 
certificate request data from the customer device, the certificate request data including at least one 
of: the public key, and a hash of the public key with a temporary secret; 

determining whether at least a portion of the certificate request data transmitted to the 
comparison agent matches the data representative of the public key stored in the storage, and if so: 

generating an endorsement certificate at least in part using the public key; and 

providing the endorsement certificate to the customer device. 

2. The method of Claim 1, wherein the receiving act is associated with a request from the 
customer device for the endorsement certificate. 

3. The method of Claim 1, further comprising transferring the customer device to a customer 
after the storing act. 

4. The method of Claim 1, wherein the security module is a trusted platform module (TPM). 

5. The method of Claim 1, wherein the storage and the comparison agent are not associated 
with a vendor of the customer device. 

6. The method of Claim 1, further comprising signing the endorsement certificated 

key. 

7. The method of Claim 1, further comprising erasing the temporary secret from the security 
module after the certificate request data has been sent to the comparison agent. 

8. A customer computing device, comprising: 

at least one security module containing a private key and a public key related to the private 
key, the keys establishing an endorsement key pair; 

at least one processor operatively connected to the security module and executing logic 
comprising: 

requesting an endorsement certificate at least in part by sending data representative 
of the public key to a source of endorsement certificates; and 

if it is determined at the source that the data representative of the public key 
matches a version of the data representative of the public key already at the source, 
receiving from the source an endorsement certificate generated by the source, the 
endorsement certificate being generated at least in part using the public key. 

9. The device of Claim 8, wherein the endorsement certificate is signed with a signing key. 

10. The device of Claim 8, wherein the security module is a trusted platform module (TPM). 

11. The device of Claim 8, wherein the source of endorsement certificates is not the source of 
the customer device. 

12. The device of Claim 8, wherein the data representative of the public key includes at least 
one of: the public key, and a hash of the public key and a secret. 

13. The device of Claim 12, wherein the secret is erased from the security module after the data 
representative of the public key has been sent to the source. 

14. A service comprising: 

storing data representative of public keys associated with respective customer computing 
devices; 

receiving transmissions of data representative of public keys from customer computing 
devices; 

comparing the received data representative of a public key with at least the stored data 
representative of a public key to determine if a match is found; and, if a match is found: 
generating an endorsement certificate if a match is found; and 
providing the endorsement certificate to the customer computing device. 

15. The service of Claim 14, wherein the endorsement certificate is generated based at least 
in part on the associated public key. 

16. The service of Claim 15, further comprising signing the endorsement certificate with a 
signing key before providing the endorsement certificate to the customer computing device. 

17. The service of Claim 14, wherein the public keys are associated with respective trusted 
platform modules. 

18. The service of Claim 14, wherein the data representative of a public key includes at least 
one of: the public key, and a hash of the public key and a secret. 

19. The facility of Claim 18, wherein the secret is erased from the customer computing device 
after the data representative of the public key has been sent to the facility. 

20. A computing facility comprising: 

means for storing data representative of public keys associated with respective customer 
computing devices, prior to providing the devices to customers; 

means for receiving transmissions of data representative of public keys from devices 
provided to customers; 

means for comparing data representative of a public key received from a device provided 
to a customer with at least data representative of a public key in the means for storing to determine 
if a match is found; 

means for generating an endorsement certificate based at least in part on the associated 
public key if a match is found; and 

means for transmitting the endorsement certificate to the customer device. 

21. The facility of Claim 20, wherein the means for generating signs the endorsement certificate 
with a signing key before transmitting the endorsement certificate to the customer device. 

22. The facility of Claim 20, wherein the public keys are associated with respective trusted 
platform modules. 

23. The facility of Claim 20, wherein the data representative of a public key includes at least 
one of: the public key, and a hash of the public key and a secret. 

24. The facility of Claim 23, wherein the secret is erased from a customer computing device 
after the data representative of the public key has been sent to the facility. 
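
The store, compare and issue sequence recited in Claims 1, 14 and 20, as an added Python example that is not part of the claims or of any vendor's implementation. It assumes HMAC-SHA256 for the "hash of the public key with a temporary secret", a storage that keeps the public key next to that hash, and an HMAC-signed JSON body as a stand-in for a signed endorsement certificate; all names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
from typing import Optional

def key_tag(public_key: bytes, temp_secret: bytes) -> bytes:
    # Assumed construction for "hash of the public key with a temporary secret".
    return hmac.new(temp_secret, public_key, hashlib.sha256).digest()

class ComparisonAgent:
    def __init__(self, signing_key: bytes):
        self._signing_key = signing_key   # stand-in for the issuer's signing key
        self._records = []                # (representative data, public key) pairs

    def store(self, public_key: bytes, tag: Optional[bytes] = None) -> None:
        """Storing act: record data representative of the key before hand-over."""
        self._records.append((public_key, public_key))
        if tag is not None:
            self._records.append((tag, public_key))

    def request_certificate(self, request_data: bytes) -> Optional[dict]:
        """Issue a certificate only if the request matches a stored record."""
        matched = None
        for representative, public_key in self._records:
            # Constant-time comparison; unequal lengths simply fail to match.
            if hmac.compare_digest(representative, request_data):
                matched = public_key
        if matched is None:
            return None                   # no match: no certificate is generated
        body = json.dumps({"subject_public_key": matched.hex()}).encode()
        sig = hmac.new(self._signing_key, body, hashlib.sha256).hexdigest()
        return {"body": body.decode(), "signature": sig}

def demo() -> tuple:
    agent = ComparisonAgent(signing_key=secrets.token_bytes(32))
    ek_public = secrets.token_bytes(32)   # constructed stand-in for an EK public key
    temp_secret = secrets.token_bytes(16) # temporary secret in the security module
    tag = key_tag(ek_public, temp_secret)
    agent.store(ek_public, tag)           # done before the device reaches a customer
    cert = agent.request_certificate(tag) # later request from the customer device
    del temp_secret                       # models the device discarding the secret
    rejected = agent.request_certificate(secrets.token_bytes(32))
    return ek_public, cert, rejected
```
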